[Snort-users] Commercial Advanced Packet Sniffers, how do they do this? Application signatures?
dsyuoul at ...11827...
Fri Jan 22 17:00:25 EST 2010
On Fri, Jan 22, 2010 at 2:42 PM, Richard Bejtlich <taosecurity at ...11827...> wrote:
>  http://taosecurity.blogspot.com/2006/09/port-independent-protocol.html
>  http://bro-ids.org/wiki/index.php/DynamicProtocolDetection
Interesting enough the L7-filter and IPP2P projects seem to be dead.
http://bro-ids.org/wiki/index.php/DynamicProtocolDetection is an
interesting concept but it appears to be general.. and doesnt seem to
be ready for production..
More information about the Snort-users